
Example 31 with BadCredentialsException

use of org.springframework.security.authentication.BadCredentialsException in project webofneeds by researchstudio-sat.

the class WebIdUserDetailsService method loadUserDetails.

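/**
 * Builds the {@code UserDetails} for a client that was pre-authenticated with an X.509 client
 * certificate whose principal is expected to be a WebID URI.
 *
 * <p>Two roles can be granted: {@code ROLE_CLIENT_CERTIFICATE_PRESENTED} whenever a certificate
 * and a syntactically valid URI are present, and {@code ROLE_WEBID} only when
 * {@code webIDVerificationAgent.verify} returns {@code true} for the certificate's public key
 * and that URI. A failed or erroring verification does not reject the login; it only withholds
 * {@code ROLE_WEBID}. Access rules that depend on a proven WebID must therefore require
 * {@code ROLE_WEBID} explicitly and not merely an authenticated session.
 *
 * @param token pre-authentication token carrying the principal (WebID URI string) and the
 *     client certificate as credentials; both originate from the client and are untrusted
 * @return user details holding the WebID and the granted authorities
 * @throws BadCredentialsException if the principal is not a string holding a valid URI, or if
 *     the token carries no certificate
 */
@Override
public UserDetails loadUserDetails(final PreAuthenticatedAuthenticationToken token) throws UsernameNotFoundException {
    StopWatch stopWatch = new StopWatch();
    stopWatch.start();
    // Check runtime types instead of casting blindly: a missing or unexpected principal must
    // surface as an authentication failure, not as a NullPointerException/ClassCastException.
    Object rawPrincipal = token.getPrincipal();
    if (!(rawPrincipal instanceof String)) {
        throw new BadCredentialsException("Principal of X.509 Certificate must be a WebId URI.");
    }
    String principal = (String) rawPrincipal;
    // The role granted below asserts that a certificate was presented, so enforce that here.
    Object rawCredentials = token.getCredentials();
    if (!(rawCredentials instanceof Certificate)) {
        throw new BadCredentialsException("No X.509 Certificate was presented with the request");
    }
    Certificate certificate = (Certificate) rawCredentials;
    // The principal is client-controlled: replace control characters (CR/LF among them) before
    // it reaches a log line or an exception message, so it cannot forge additional log entries.
    String printablePrincipal = principal.replaceAll("\\p{Cntrl}", "_");
    logger.debug("Adding userDetails for '" + printablePrincipal + "'");
    URI webID;
    try {
        webID = new URI(principal);
    } catch (URISyntaxException e) {
        // Keep the parser's exception as the cause so the rejection can be diagnosed.
        throw new BadCredentialsException("Principal of X.509 Certificate must be a WebId URI. Actual value: '" + printablePrincipal + "'", e);
    }
    // at this point, we know that a client certificate was presented. Grant this role:
    List<GrantedAuthority> authorities = new ArrayList<>(3);
    authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT_CERTIFICATE_PRESENTED"));
    logger.debug("verifying webId '" + printablePrincipal + "'");
    try {
        // NOTE(review): presumably the agent retrieves the WebID document from this URI; confirm
        // that it restricts the schemes and destinations it is willing to contact.
        if (webIDVerificationAgent.verify(certificate.getPublicKey(), webID)) {
            authorities.add(new SimpleGrantedAuthority("ROLE_WEBID"));
            logger.debug("webId '" + printablePrincipal + "' successfully verified - ROLE_WEBID granted");
        } else {
            logger.debug("could not verify webId '" + printablePrincipal + "'. ROLE_WEBID not granted");
        }
    } catch (Exception e) {
        // Fail closed: any error during verification leaves ROLE_WEBID ungranted.
        // NOTE(review): this is logged at debug only, so a verification outage is invisible at
        // default log levels; consider whether operators need to see it.
        logger.debug("could not verify webId '" + printablePrincipal + "' because of an error during verification. ROLE_WEBID " + "not granted. Cause is logged", e);
    }
    stopWatch.stop();
    logger.debug("webID check took " + stopWatch.getLastTaskTimeMillis() + " millis");
    return new WebIdUserDetails(webID, authorities);
}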
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) URISyntaxException(java.net.URISyntaxException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) URI(java.net.URI) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) URISyntaxException(java.net.URISyntaxException) StopWatch(org.springframework.util.StopWatch) Certificate(java.security.cert.Certificate)

Example 32 with BadCredentialsException

use of org.springframework.security.authentication.BadCredentialsException in project midpoint by Evolveum.

the class TestAbstractAuthenticationEvaluator method test101PasswordLoginBadPasswordJack.

/**
 * Attempts a password login for {@code USER_JACK_USERNAME} with a wrong password and checks the
 * bookkeeping that follows. The evaluator must throw {@code BadCredentialsException}; afterwards
 * the helper assertions expect one failed login, a lockout status of
 * {@code LockoutStatusType.NORMAL}, and a last-failed-login timestamp between the two clock
 * readings taken around the attempt.
 */
@Test
public void test101PasswordLoginBadPasswordJack() throws Exception {
    final String testName = "test101PasswordLoginBadPasswordJack";
    TestUtil.displayTestTile(testName);

    // GIVEN: the clock reading taken here is the lower bound for the failed-login timestamp
    ConnectionEnvironment connectionEnvironment = createConnectionEnvironment();
    XMLGregorianCalendar attemptWindowStart = clock.currentTimeXMLGregorianCalendar();

    try {
        // WHEN
        TestUtil.displayWhen(testName);
        getAuthenticationEvaluator().authenticate(connectionEnvironment, getAuthenticationContext(USER_JACK_USERNAME, getBadPasswordJack()));
        // Reaching this line means the wrong password was accepted.
        AssertJUnit.fail("Unexpected success");
    } catch (BadCredentialsException rejected) {
        // THEN: rejection is the expected outcome
        TestUtil.displayThen(testName);
        display("expected exception", rejected);
        assertBadPasswordException(rejected, USER_JACK_USERNAME);
    }

    // Upper bound of the window, then re-read the user to inspect what the failure recorded.
    XMLGregorianCalendar attemptWindowEnd = clock.currentTimeXMLGregorianCalendar();
    PrismObject<UserType> jackAfterAttempt = getUser(USER_JACK_OID);
    display("user after", jackAfterAttempt);
    assertFailedLogins(jackAfterAttempt, 1);
    assertUserLockout(jackAfterAttempt, LockoutStatusType.NORMAL);
    assertLastFailedLogin(jackAfterAttempt, attemptWindowStart, attemptWindowEnd);
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test) AbstractInternalModelIntegrationTest(com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest)

Example 33 with BadCredentialsException

use of org.springframework.security.authentication.BadCredentialsException in project midpoint by Evolveum.

the class TestAbstractAuthenticationEvaluator method test202UserGuybrushPasswordLoginBadPassword.

/**
 * Attempts a password login for {@code USER_GUYBRUSH_USERNAME} with a wrong password. The
 * evaluator must throw {@code BadCredentialsException}; afterwards the helper assertions expect
 * one failed login and a last-failed-login timestamp between the two clock readings taken
 * around the attempt.
 */
@Test
public void test202UserGuybrushPasswordLoginBadPassword() throws Exception {
    final String testName = "test202UserGuybrushPasswordLoginBadPassword";
    TestUtil.displayTestTile(testName);

    // GIVEN: the clock reading taken here is the lower bound for the failed-login timestamp
    ConnectionEnvironment connectionEnvironment = createConnectionEnvironment();
    XMLGregorianCalendar attemptWindowStart = clock.currentTimeXMLGregorianCalendar();

    try {
        // WHEN
        TestUtil.displayWhen(testName);
        getAuthenticationEvaluator().authenticate(connectionEnvironment, getAuthenticationContext(USER_GUYBRUSH_USERNAME, getBadPasswordGuybrush()));
        // Reaching this line means the wrong password was accepted.
        AssertJUnit.fail("Unexpected success");
    } catch (BadCredentialsException rejected) {
        // THEN: rejection is the expected outcome
        TestUtil.displayThen(testName);
        display("expected exception", rejected);
        assertBadPasswordException(rejected, USER_GUYBRUSH_USERNAME);
    }

    // Upper bound of the window, then re-read the user to inspect what the failure recorded.
    XMLGregorianCalendar attemptWindowEnd = clock.currentTimeXMLGregorianCalendar();
    PrismObject<UserType> guybrushAfterAttempt = getUser(USER_GUYBRUSH_OID);
    display("user after", guybrushAfterAttempt);
    assertFailedLogins(guybrushAfterAttempt, 1);
    assertLastFailedLogin(guybrushAfterAttempt, attemptWindowStart, attemptWindowEnd);
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test) AbstractInternalModelIntegrationTest(com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest)

Example 34 with BadCredentialsException

use of org.springframework.security.authentication.BadCredentialsException in project midpoint by Evolveum.

the class TestAbstractAuthenticationEvaluator method test125PasswordLoginBadPasswordJackAfterLockoutFailedAttemptsDuration.

/**
 * Overrides the test clock with a duration of {@code PT5M} (five minutes) and then makes one
 * bad-password login for {@code USER_JACK_USERNAME}. The original note states that the failed
 * login count resets after 3 minutes, so the count asserted after this attempt is 1 rather than
 * a running total; the lockout status is expected to be {@code LockoutStatusType.NORMAL}.
 */
@Test
public void test125PasswordLoginBadPasswordJackAfterLockoutFailedAttemptsDuration() throws Exception {
    final String testName = "test125PasswordLoginBadPasswordJackAfterLockoutFailedAttemptsDuration";
    TestUtil.displayTestTile(testName);

    // GIVEN: the clock override comes first so both clock readings below are taken with it applied
    clock.overrideDuration("PT5M");
    ConnectionEnvironment connectionEnvironment = createConnectionEnvironment();
    XMLGregorianCalendar attemptWindowStart = clock.currentTimeXMLGregorianCalendar();

    try {
        // WHEN
        TestUtil.displayWhen(testName);
        getAuthenticationEvaluator().authenticate(connectionEnvironment, getAuthenticationContext(USER_JACK_USERNAME, getBadPasswordJack()));
        // Reaching this line means the wrong password was accepted.
        AssertJUnit.fail("Unexpected success");
    } catch (BadCredentialsException rejected) {
        // THEN: rejection is the expected outcome
        TestUtil.displayThen(testName);
        display("expected exception", rejected);
        assertBadPasswordException(rejected, USER_JACK_USERNAME);
    }

    // Upper bound of the window, then re-read the user to inspect what the failure recorded.
    XMLGregorianCalendar attemptWindowEnd = clock.currentTimeXMLGregorianCalendar();
    PrismObject<UserType> jackAfterAttempt = getUser(USER_JACK_OID);
    display("user after", jackAfterAttempt);
    assertFailedLogins(jackAfterAttempt, 1);
    assertLastFailedLogin(jackAfterAttempt, attemptWindowStart, attemptWindowEnd);
    assertUserLockout(jackAfterAttempt, LockoutStatusType.NORMAL);
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) Test(org.testng.annotations.Test) AbstractInternalModelIntegrationTest(com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest)

Example 35 with BadCredentialsException

use of org.springframework.security.authentication.BadCredentialsException in project dhis2-core by dhis2.

the class DhisBindAuthenticator method authenticate.

/**
 * Authenticates against LDAP after mapping the submitted username to the LDAP id stored with
 * the local account.
 *
 * <p>The attempt is rejected with {@code BadCredentialsException} when LDAP is not configured
 * or when no local credentials record exists for the submitted username. If the record has an
 * LDAP id, that id replaces the username in the token handed to the superclass; the submitted
 * credentials are forwarded unchanged.
 *
 * @param authentication the authentication request with the submitted name and credentials
 * @return the result of {@code super.authenticate} for the (possibly rewritten) token
 * @throws BadCredentialsException if LDAP is not configured or the username is unknown locally
 */
@Override
public DirContextOperations authenticate(Authentication authentication) {
    if (!configurationProvider.isLdapConfigured()) {
        throw new BadCredentialsException("LDAP authentication is not configured");
    }

    UserCredentials localAccount = userService.getUserCredentialsByUsername(authentication.getName());
    if (localAccount == null) {
        // This branch returns before the superclass call, so an unknown user is answered
        // without whatever directory work the superclass does.
        // NOTE(review): confirm the login endpoint does not expose that difference to the
        // client through its message or response time.
        throw new BadCredentialsException("Incorrect user credentials");
    }

    // Authenticate with the stored LDAP id when there is one; otherwise pass the request through.
    Authentication bindRequest = localAccount.hasLdapId()
        ? new UsernamePasswordAuthenticationToken(localAccount.getLdapId(), authentication.getCredentials())
        : authentication;
    return super.authenticate(bindRequest);
}
Also used : UserCredentials(org.hisp.dhis.user.UserCredentials) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
